尽管在例如SQL访问?

时间:2018-03-09 19:40:51

标签: c# sql winforms access

问题在于:

我正在使用Visual Studio并创建了Winforms应用程序。这应该适用于数据库。使用SQL查询读取数据库完全没问题。

cmd.CommandText = 
     "SELECT Buecher.Bu_ISBN AS ISBN, 
             Buecher.Bu_Titel AS Titel,  
             Buecher.Bu_Originaltitel AS Originaltitel, 
             Buecher.Bu_Buchreihe AS Buchreihe, 
             Buecher.Bu_Genre AS Genre, 
             Autor.Au_Vorname AS [Autor-Vorname], 
             Autor.Au_Nachname AS[Autor-Nachname], 
             Verlag.Ve_Name AS Verlag 
      FROM ((((Buecher 
               INNER JOIN [Buch-Autor] 
                 ON Buecher.Bu_ID = [Buch-Autor].Bu_ID) 
               INNER JOIN Autor 
                 ON [Buch-Autor].Au_ID = Autor.Au_ID) 
               INNER JOIN [Buch-Verlag] 
                 ON Buecher.Bu_ID = [Buch-Verlag].Bu_ID) 
               INNER JOIN Verlag 
                 ON [Buch-Verlag].Ve_Name = Verlag.Ve_Name)";
        ausgabe();

(它是德语,ausgabe()是一个将Query传输到DataGridView的方法 - 工作正常)

在程序的后面,用户应使用文本框搜索各种标准,这些文本框不再有效,查询根本不会执行。

if (optBuch.Checked == true)
        {
            cmd.CommandText = 
               "SELECT Buecher.Bu_ISBN AS ISBN, 
                       Buecher.Bu_Titel AS Titel, 
                       Buecher.Bu_Originaltitel AS Originaltitel, 
                       Buecher.Bu_Buchreihe AS Buchreihe, 
                       Buecher.Bu_Genre AS Genre, 
                       Autor.Au_Vorname AS [Autor-Vorname], 
                       Autor.Au_Nachname AS [Autor-Nachname], 
                       Verlag.Ve_Name AS Verlag 
                FROM ((((Buecher 
                         INNER JOIN [Buch-Autor] 
                            ON Buecher.Bu_ID = [Buch-Autor].Bu_ID) 
                         INNER JOIN Autor 
                            ON [Buch-Autor].Au_ID = Autor.Au_ID) 
                         INNER JOIN [Buch-Verlag] 
                            ON Buecher.Bu_ID = [Buch-Verlag].Bu_ID) 
                         INNER JOIN Verlag 
                            ON [Buch-Verlag].Ve_Name = Verlag.Ve_Name)  
              WHERE (Buecher.Bu_ISBN = '%" + txtOpt1.Text + "%') 
                AND (Buecher.Bu_Titel = '%" + txtOpt2.Text + "%') 
                AND (Buecher.Bu_Originaltitel = '%" + txtOpt3.Text + "%') 
                AND (Buecher.Bu_Buchreihe = '%" + txtOpt4.Text + "%') 
                AND (Buecher.Bu_Genre = '%" + txtOpt5.Text + "%') 
                AND (Autor.Au_Vorname = '%" + txtOpt6.Text + "%') 
                AND (Autor.Au_Nachname = '%" + txtOpt7.Text + "%') 
                AND (Verlag.Ve_Name = '%" + txtOpt8.Text + "%')";

我尝试了各种形式的查询,但直到现在还没有人工作。当我删除整个" Where "节...

我希望我能以一种易于理解的方式表达自己。

2 个答案:

答案 0 :(得分:0)

你不能使用操作数" ="如果你想使用通配符。替换" ="与"喜欢"。

所以它看起来像这样:

WHERE(Buecher.Bu_ISBN like '%" + txtOpt1.Text + "%') AND
(Buecher.Bu_Titel like '%" + txtOpt2.Text + "%')

答案 1 :(得分:0)

除了使用@The Integrator建议的LIKE,您可能需要OR而不是AND

否则该行必须匹配要返回的所有条件。

          WHERE (Buecher.Bu_ISBN = '%" + txtOpt1.Text + "%') 
            OR (Buecher.Bu_Titel = '%" + txtOpt2.Text + "%') 
            OR (Buecher.Bu_Originaltitel = '%" + txtOpt3.Text + "%') 
            OR (Buecher.Bu_Buchreihe = '%" + txtOpt4.Text + "%') 
            OR (Buecher.Bu_Genre = '%" + txtOpt5.Text + "%') 
            OR (Autor.Au_Vorname = '%" + txtOpt6.Text + "%') 
            OR (Autor.Au_Nachname = '%" + txtOpt7.Text + "%') 
            OR (Verlag.Ve_Name = '%" + txtOpt8.Text + "%')";

您还需要使用参数,否则您很容易受到Sql Injection攻击

https://stackoverflow.com/a/5165985/3470178

相关问题
最新问题